Brussels Expo Privacy Charter (B2C)
Brussels Expo (hereafter “us” or “we”) appreciates your interest in its products, services and website. We want you to know how we collect, process and keep your personal data, which we aim to do with respect for your rights. We also want you to be aware of these rights. For this reason, we invite you to read this charter carefully. If you have any questions at all about the processing of your data or if you have any queries about information given in this charter, we invite you to contact us at the address “firstname.lastname@example.org”.
2. What do the law and the regulations say about this issue?
We strive to respect your rights concerning privacy and data protection. Although we try to offer guarantees going beyond the applicable laws and regulations on this matter, - we have taken organisational and technical measures to meet the provisions of the Belgian Data Protection Act of 30/07/2018 with regard to the protection of natural persons with regard to the processing of personal data and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016, commonly known as the General Data Protection Regulations (hereafter GDPR).
3. What concepts will be useful for you in understanding this charter?
- Data subject: a natural person who can be directly or indirectly identified by information. This is a person whose personal data is collected and processed by a data controller or on its behalf. In practice, it means any individual whose personal data we process: our visitors; people who fill in contact forms on one of our websites; people who buy tickets for events organised at our site; any other person whose personal data is given to us, etc.
- Personal data: all information relating to an identified or identifiable natural person (= the data subject). This definition is broad because data is considered to be personal as soon as it allows an individual to be identified either directly (surname, first name, photo, etc.) or indirectly (e-mail address, customer number, employee number, etc.). When reference is made to “data” in this charter, we mean personal data.
- Processing: any operation or set of operations, whether or not it is carried out using automated means, applied to personal data or sets of data. Here, too, the definition is broad. Any manipulation of personal data constitutes processing: collection, consultation, storage, disclosure by transmission, adaptation or alteration, erasure, etc.
- Controller: the natural or legal person, public authority, agency or other body which determines the purposes of processing personal data and the means to carry it out. This is the person who decides why your data is collected and processed. It is your point of contact and the person who will be held responsible for complying with the data protection regulations in force.
- Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The processor does not decide why processing is carried out, it merely carries it out for a controller.
4. Who we are?
The not-for-profit association Parc des Expositions de Bruxelles, known in abbreviated form as “Brussels Expo”, has its registered address at 1, Place de Belgique, B-1020 Brussels. VAT nº: BE 0406655573.
Each person or organisation processing personal data must determine whether it is processing this data as a controller or a processor. This distinction in the processing of personal data is very important. It seems appropriate for us at this stage to present you with our activities and vision, as well as our relationship with our partners.
Our mission is to promote and develop a meeting venue highlighting economic, commercial, industrial, scientific, cultural, and entertainment activities, particularly through the various sites we have been granted by the City of Brussels. For this purpose, we carry out all activities we consider useful or necessary, particularly providing all services directly or indirectly connected with organising fairs and shows, congresses, conferences, exhibitions, concerts, festivals and other events. Part of our mission is also to continually improve the experience of customers visiting our site. We establish our activities in pursuit of these aims, supported by several partners.
We are always concerned to offer a diversified programme of activities and we also try to offer a full service to event organisers in order to attract diverse events that may be of interest both to the general public and to specific groups. More broadly, in terms of our particular position, we perform an important task coordinating the events and providing an overall strategy with a view to achieving our principal mission. We also have the power to decide on the events to be organised and we try to adopt a strategy coherent with our wish to develop the sites entrusted to us.
As a result of this particular position, when a data subject holds a ticket for an event, that person is always linked both to Brussels Expo and to the organiser of the event he or she wishes to attend. These two different organisations are therefore both data controllers as defined above.
In order to obtain full information, you are therefore invited to read our privacy charter, on one hand, and, on the other, that of the organiser of the event you wish to attend.
5. What does this charter cover?
The purpose of this charter is to explain which data (information) about you we collect, the way this data is processed and the reason for such processing. Through this document, we inform you of our commitments and your rights concerning the protection of your personal data.
This charter covers all personal data collected by Brussels Expo in the context of all its activities: fairs and shows, congresses, conferences, exhibitions, concerts, festivals and other events using the following means:
When you give us your personal data by one of these means, or by any other means, you must provide us with true information about yourself.
6. What are our principles concerning data protection?
Your personal data and your privacy are important to us. It is priority for us that you trust us. We try to process your data lawfully, in a transparent manner, faithfully and responsibly. We make every effort to adopt the appropriate organisational and technical measures to protect your data. Finally, we make an effort to collect as little data as possible about you while still achieving our aims.
7. The data we collect, how we process it and why
We do not process sensitive data in relation to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health or a natural person’s sex life or sexual orientation. We do not process genetic or biometric data. If it was ever strictly necessary to process sensitive data, you would be duly informed in advance.
We do not authorise sales to children aged under 16 and we do not process personal data relating to children.
The data we collect and process is the data that you have voluntarily given us or one of our subcontractors/partners. For certain operations involving orders, you may give data about yourself to third parties via their own services – specifically when you make payments. We do not hold this data: its collection and processing is governed by the conditions of the parties concerned. We invite you to consult their terms and conditions before giving your data in such a situation.
- Data collected: when you wish to order a ticket for an event organised on one of our sites for the first time, we offer you the choice of placing an order with or without creating an account. In either case, we collect the following information:
- Title: Required identification data
- First name, Surname: required identification data
- Address: required identification data also allowing the sending of documents by post
- Language: data necessary to make communication with you easier
- E-mail address: required data allowing communication with you by e-mail and the sending of electronic tickets.
- Telephone number: required data that allows us to communicate with you in case a problem related to the event occurs. This data will not be used for any other reason.
- Date of birth: required data allowing us to check the age of our customers, preventing sale to children. This data is also essential for achieving our main purpose which is the development of our sites because an overall view of the age groups of people attending each event helps us to adapt our strategy and programme.
- : the reasons for any additional request for data will be provided when this data is collected.
- Purposes: Our main mission is to develop our sites, particularly via the organisation of events. In the context of achieving our corporate purpose, we collect and process the aforementioned data in order to succeed in our different missions and to offer you an experience and a service that meet your expectations. This information is also essential for identifying you and for implementing our contractual relationship. The processing of this data makes it possible for a personalised ticket and other communication concerning the event to be sent by e-mail. This also allows us to promote our activities, notifying you of offers and our programme based on our legitimate interest. Finally, it allows us to evaluate the events organised so we can assess our overall strategy: knowing the age of visitors, location, satisfaction survey, etc.
- Processing: The personal data collected is:
- Used to create an account in your name (except in the case of quick purchasing)
- Used to issue an admission ticket for the event in your name
- Entered in a structured database
- Used for various security purposes when you visit one of our sites
- Given to the organiser of the event for which you have booked an admission ticket
- Kept so that we can assess visits to our site in order to improve it
- As the case may be, your data is used in our direct marketing campaigns (= sending our programme, offers and promotions, etc.), provided you do not object to this
- Used with a view to compiling statistics allowing us to improve our overall event organisation strategy
- Used to send satisfaction surveys after an event to improve your experience
8. What is the basis for us processing your data?
- Performance of a contract:When you buy a ticket on our website, you are bound by a contractual relationship. This justifies the collection of your personal data with a view to implementing the contract: giving you your ticket, allowing you access to the event, giving you information about the event, managing venues, etc. You may cancel the contract binding you at any time.
- Legitimate interest: we have a legitimate interest in processing your personal data for purposes going beyond the context of the contract binding us. We have a legitimate interest in promoting our activities in order to achieve our mission. We strive to process your data responsibly based on our legitimate interest, minimising the risk of your privacy being breached. For example: we pledge to contact only people who have already bought a ticket for one of the events organised on our site and to offer you the chance to object to this type of processing easily and at any time. To ensure our direct marketing campaigns do not breach your right to privacy, we have seriously considered and assessed our legitimate interest and the risk of breach of your privacy in order to evaluate whether our interest is legitimate. You may object to this processing at any time.
- Legal obligation: it is possible that we may have to process your data in order to comply with a legal obligation in European Union or Belgian law. You cannot object to this processing.
- Consent: We may ask for your consent for some processing of your personal data. You may withdraw your consent at any time.
9. How we protect your data
We have established the necessary organisational and technical measures, proportional to the risk of breach of your rights, in order to protect your personal data. Our security measures are regularly assessed and adapted in order to ensure a permanently high level of protection.
10. With whom do we share your data?
We promise not to pass on or sell your personal data to third parties other than our subsidiaries, our processors and our direct partners whose intervention is necessary to achieve the aforementioned purposes.
In the context of the organisation of an event, we share your personal data with:
- The organiser of the event for which you have ordered a ticket. The event organiser is also responsible for processing your personal data. We pass on personal data relating to persons concerned who have ordered tickets for events organised by different organisers. But we pass your personal data only to the organiser of an event for which you have ordered an admission ticket and we provide you with the organiser’s privacy notice, when available, as soon as your data is collected.
- Processors: We use other companies so that we can organise our activities. These companies are processors and they process your personal data on the basis of our express instructions. We make every possible and reasonable effort to ensure that our process process your data in accordance with the applicable legal regulations. Access to your personal data is limited to data strictly necessary for them to perform their tasks. All our subcontractors are within the European Economic Area and are subject to data protection laws and regulations.
Your personal data will be sent to a third country only if an event organiser has its headquarters in a third country and no representative in Europe. On the day this charter is published, all the organisers we work with have establishments within the European Union. You will be informed of any data transfer outside the European Union when you order your ticket for an event.
11. How long do we keep your data?
All data provided is stored in our files and given to the organiser of the event for which you have booked a ticket, as the case may be. We invite you to examine the organiser’s charter to find out about its policy on storing data. How long it is kept depends on the processing carried out. Your data will be kept by Brussels Expo for five years from your last purchase, except for processing based on our legitimate interest (five years from the last contact with you) and processing justified by the legal obligations we are subject to. We do not keep your payment data.
12. What are your rights?
You are in charge of your personal data and its processing. We make every effort to ensure your rights are respected. So that you can manage your personal data better, you need to know that you have:
- The right to be informed: The right to be clearly and transparently informed about the processing of your personal data and your acknowledged rights concerning this matter. We try to achieve this by publishing this charter and by being available to provide any additional information you need.
- Right of access: you have the right to obtain confirmation of whether personal data concerning you has been processed by us and to access this data, as well as any other information relevant to its processing.
- Right to rectification: When you can show that the personal data concerning you is inaccurate or incomplete, you have the right to ask us to complete or rectify it as appropriate, by sending us an additional declaration.
- Right to erasure: In certain circumstances, you have the right to ask us to erase personal data concerning you.
- Right to restriction of processing: In certain situations you have the right to restrict the processing of your personal data to its storage.
- Right to object: when the processing of your personal data is based on the legitimate interest of Brussels Expo, you have the right to object to this processing at any time.
- Right to data portability: When the processing of your personal data is based on your consent or on a contract and it is carried out by automated means, you have the right to ask for this data in a commonly used, structured format readable by a machine. You can ask for this data to be given to another controller.
We try to comply with your requests to exercise your rights as quickly and efficiently as possible. We inform you, though, that, in certain situations described in the applicable laws and regulations on this issue, we have the right to refuse to allow you to exercise certain rights when this is justified by the situation and allowed by data protection regulations. We try to notify you of our refusal immediately, giving reasons, so you can understand why we cannot proceed with your request.
We are trying to establish a dynamic platform allowing you to exercise your rights at all times. While this platform is being developed, we invite you to exercise your rights by sending an e-mail to the address: email@example.com.
Important: before giving us your personal data, bear in mind that, if we receive a request to exercise one of your rights, we have no choice but to give out personal data concerning you. For this purpose, our power to check the identity of the data subject behind the request is limited. In accordance with our principle of restricting data collection to the data strictly necessary for achieving our purposes, we try not to collect additional data in order to verify your identity. We therefore consider that any request to exercise your rights coming from your account or your registered e-mail address is sufficient evidence of your identity. We invite you to register with your own e-mail address and urge you to be careful with securing it.
13. Where can I complain if my rights are breached?
If there is a problem, you can, of course, contact us at the address firstname.lastname@example.org so that we can help you better. You also always have the right to complain to the data protection authority. Further information on https://www.dataprotectionauthority.be/
Date of the last update: 04/10/2018